What is Retrospective Network Analysis?
Retrospective network analysis allows you to quickly browse backwards through massive amounts of network traffic to view breaches and anomalies as they happened, within the context of other activity on the network.
Now you can avoid the labor-intensive step of re-creating problems to troubleshoot them.
Traditional packet capture gives administrators insight into networks via packet-level decode and analysis. While these tools are useful in managing mid- to enterprise-level networks, using them to provide administrators enough information to solve subtle or sporadic problems is difficult.
RNA acts like a 24/7 surveillance camera—it is far easier to find the culprit using a stored video of the crime rather than one photograph.
How Retrospective Network Analysis Works
Your Network Recorder
With continually captured data, GigaStor makes it easy to “rewind” your network, determine problem sources, and perform analysis. Retrospective network analysis speeds troubleshooting and provides long-term corporate-wide benefits.
GigaStor holds up to 12 TB of data with standard versions and is available in configurations supporting up to 288 TB or offloading to a SAN for nearly unlimited storage.
Revive the Past
GigaStor can take captured traffic and recreate communications in an easy-to-view format. Rebuild web pages (including images), and reconstruct e-mails and instant messages to gather evidence of network activity.
More than a simple network recorder, GigaStor provides long-term, real-time, and post-capture network statistics and allows you to apply expert analysis to view possible problem causes and immediate solutions.
Answer the VoIP Call
Continually monitor VoIP performance. Save or play voice conversations. Obtain high-level VoIP traffic summaries and in-depth call detail records. Track jitter, MOS, and other unified communications statistics.
A Real-World RNA Example
1. Suspicious Web Activity
HR requests a report on web activity for John Doe, an employee suspected of accessing prohibited web sites using corporate equipment.
2. Go Back in Time
IT uses the GigaStor’s Time Navigation to quickly isolate and filter down on John Doe’s web traffic for the previous week.
3. Reconstruct Web Pages
A scan shows suspicious URLs. With GigaStor, the IT manager sees the web page exactly as it appeared on that specific day by reconstructing captured data. The GigaStor’s Stream Reconstruction rebuilds web pages Doe visited during the period in question.
4. GigaStor Provides Evidence
Evidence allows HR to take appropriate action and enforce corporate policy with the employee.
RNA In Practice (Example 2)
1. CFO cannot log in using VPN client
IT receives a request to investigate problems the company’s CFO faced over the weekend trying to log in to the corporate network.
2. IT goes back in time
IT uses the GigaStor’s Time Navigation to quickly isolate and filter down to the CFO’s login attempts over the weekend.
3. GigaStor drills down
IT sees the VPN client went down on Friday night due to a password reset.
4. IT resolves the issue, informs CFO
IT adjusts the password parameters and notifies the CFO that the cause of the problem has been identified and corrected.
Is it the Network, the Application, or Security?
GigaStor's forensic capabilities let you diagnose and resolve network problems through retrospective network analysis. GigaStor operates like a security camera, recording everything traversing the network.
GigaStor Security Forensics determines if a security breach occurred by comparing historical traffic against thousands of Snort rules to identify attacks and anomalies.
GigaStor provides drill-down analysis to determine the source and time of breaches.
- View breaches exactly as they happened
- Identify compromised machines and network infrastructure
- Drill down for packet-level forensic analysis
- Reconstruct mined data
- Provide evidence for compliance and security issues
GigaStor plays a significant role in data mining, network forensics, and data-retention compliance. It provides a separate and unaltered view of network activity that can be played back to investigate connections and transactions.
GigaStor can reconstruct mined data, providing hard evidence such as VoIP phone conversations, web pages, documents, instant messages, and e-mails.